To add Splunk as a destination in the Cloud Service Portal, complete the following:
- Log in to the Cloud Service Portal.
- Click Manage -> Data Connector.
- On the Destination Configuration tab, from the Create drop-down list, choose Splunk. The Create Splunk Destination Configuration screen appears.
- In the Name field, enter the name of the destination. Select a name that best describes the destination and can be distinguished from other destinations. The field length is 256 characters.
- In the Description field, enter the description of the destination. The field length is 256 characters.
- Use the State slider to enable or disable the destination configuration. By default, the State is disabled. If the destination configuration is disabled, you will not be able to select this destination when creating a traffic flow.
- In the Splunk Details section, complete the following:
  - FQDN/IP: Enter the FQDN or the IP address of the Splunk indexer to which you want the Data Connector to send data.
  - Port: Enter the receiving port number that is configured for the Splunk indexer. Although 9997 is configured as the default port number, ensure that you input the port number that is configured for the Splunk indexer.
  - Index Name: Enter the name of the Splunk index. An index is a collection of directories and files that are located under
  - Insecure Mode: Based on the mode that you intend to use for data transport, perform one of the following:
    - Insecure mode: By default, the Insecure Mode check box is enabled. Retain the selection if you intend to use the insecure mode.
    - Secure mode: Clear the Insecure Mode check box and complete the following steps to upload certificates for secure transport.
- (For secure mode only) In the Splunk Forwarder Certificate section, complete the following:
  - Forwarder Certificate: Click Select file, browse to the respective path, and upload the forwarder certificate for the Splunk forwarder. You need to first generate a certificate request in .PEM format. This certificate request must be signed by the third-party Certification Authority for you to get a forwarder certificate. For more information, refer to the Splunk documentation.
  - Certificate Key Passphrase: Enter the key passphrase for the certificate.
- (For secure mode only) In the Splunk CA Certificate section, click Select file, browse to the respective path, and upload the CA signed certificate for the Splunk indexer.
- Click Save & Close to create the destination.
For information on updating the Splunk server's configuration files, see Updating the Configuration Files.
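Before uploading files for secure mode, the certificate fields in the procedure above can be checked offline. The following Python sketch is an added example, not part of the Cloud Service Portal or Splunk: it flags a certificate request uploaded in place of the signed forwarder certificate, an encrypted key with no passphrase, and a CA file that carries a private key. It assumes the forwarder file is a single PEM file holding the certificate and its private key; the function names are hypothetical and the sample PEM blocks are constructed placeholders.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block; raise on corrupt base64."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys put "Proc-Type: 4,ENCRYPTED" headers before the body.
        headers = [ln for ln in lines if ":" in ln]
        base64.b64decode("".join(ln for ln in lines if ":" not in ln), validate=True)
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers)
        blocks.append((label, encrypted))
    return blocks

def check_destination(insecure_mode, forwarder_pem="", passphrase="", ca_pem=""):
    """Findings for the certificate-related fields of a Splunk destination."""
    if insecure_mode:
        return ["Insecure Mode is selected: no forwarder or CA certificate is used"]
    findings = []
    fwd = pem_blocks(forwarder_pem)
    labels = [label for label, _ in fwd]
    if "CERTIFICATE REQUEST" in labels:
        findings.append("forwarder file holds a certificate request, not the CA-signed certificate")
    if "CERTIFICATE" not in labels:
        findings.append("forwarder file has no CERTIFICATE block")
    if any(enc for label, enc in fwd if label.endswith("PRIVATE KEY")) and not passphrase:
        findings.append("forwarder key is encrypted but Certificate Key Passphrase is empty")
    ca_labels = [label for label, _ in pem_blocks(ca_pem)]
    if "CERTIFICATE" not in ca_labels:
        findings.append("CA file has no CERTIFICATE block")
    if any(label.endswith("PRIVATE KEY") for label in ca_labels):
        findings.append("CA file contains a private key; upload the CA certificate only")
    return findings

def sample_pem(label, headers=""):
    """Constructed PEM block with placeholder bytes (not a real certificate or key)."""
    body = base64.b64encode(b"constructed placeholder, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    good = sample_pem("CERTIFICATE") + sample_pem("ENCRYPTED PRIVATE KEY")
    print(check_destination(False, good, "constructed-passphrase", sample_pem("CERTIFICATE")))
    print(check_destination(False, sample_pem("CERTIFICATE REQUEST"), "", sample_pem("CERTIFICATE")))
```

The check inspects PEM structure only; it does not verify signatures, validity dates, or that the key matches the certificate.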